Vulnerability Description
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fomori | Cherrymusic | <= 0.35.2 |
Related Weaknesses (CWE)
References
- http://www.fomori.org/cherrymusic/Changes.html (Release Notes, Vendor Advisory)
- http://www.securityfocus.com/bid/97149
- https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd6 (Patch, Third Party Advisory)
- https://github.com/devsnd/cherrymusic/issues/598 (Third Party Advisory)
- https://www.exploit-db.com/exploits/40361/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2015-8309?
CVE-2015-8309 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
How severe is CVE-2015-8309?
CVE-2015-8309 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-8309?
Check the references section above for vendor advisories and patch information. Affected products include: Fomori Cherrymusic.